[OT] SELinux woes
- To: openldap-technical@openldap.org
- Subject: [OT] SELinux woes
- From: Ori Bani <oribani@gmail.com>
- Date: Wed, 16 Jan 2013 22:11:59 -0800
All,

Trying to switch to slapd.conf instead of dynamic configuration in
order to test the back-sql backend I ran into a problem with SELinux
that I do not understand.

The startup fails with the error:

    /etc/openldap/slapd.conf: line 27: invalid path: Permission denied

Disabling SELinux fixes the problem, however I'm not sure what is
going on. The line in question is naturally the "directory" that
points in this case to /var/lib/ldap. That directory is a hand-made
clone of the original one that was there which was moved (renamed) out
of the way. Here is what I did:

    mv /etc/openldap/slapd.d /etc/openldap/slapd.d.BAK
    mv /var/lib/ldap /var/lib/ldap.BAK
    mkdir /var/lib/ldap
    chown ldap:ldap /var/lib/ldap
    chmod 700 /var/lib/ldap
    create a simple /etc/openldap/slapd.conf

The ownership and permissions on ldap and ldap.BAK directories are
identical. OpenLDAP works fine if I disable SELinux.

What is SELinux doing here?